+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<refentry id="pts_setfields1">
- <refmeta>
- <refentrytitle>pts setfields</refentrytitle>
- <manvolnum>1</manvolnum>
- </refmeta>
- <refnamediv>
- <refname>pts setfields</refname>
- <refpurpose>Sets privacy flags or quota for a Protection Database entry</refpurpose>
- </refnamediv>
- <refsect1>
- <title>Synopsis</title>
- <para><emphasis role="bold">pts setfields</emphasis> <emphasis role="bold">-nameorid</emphasis> <<emphasis>user or group name or id</emphasis>>+
- [<emphasis role="bold">-access</emphasis> <<emphasis>set privacy flags</emphasis>>]
- [<emphasis role="bold">-groupquota</emphasis> <<emphasis>set limit on group creation</emphasis>>]
- [<emphasis role="bold">-cell</emphasis> <<emphasis>cell name</emphasis>>] [<emphasis role="bold">-noauth</emphasis>] [<emphasis role="bold">-force</emphasis>] [<emphasis role="bold">-help</emphasis>]</para>
-
- <para><emphasis role="bold">pts setf</emphasis> <emphasis role="bold">-na</emphasis> <<emphasis>user or group name or id</emphasis>>+
- [<emphasis role="bold">-a</emphasis> <<emphasis>set privacy flags</emphasis>>]
- [<emphasis role="bold">-g</emphasis> <<emphasis>set limit on group creation</emphasis>>] [<emphasis role="bold">-c</emphasis> <<emphasis>cell name</emphasis>>]
- [<emphasis role="bold">-no</emphasis>] [<emphasis role="bold">-f</emphasis>] [<emphasis role="bold">-h</emphasis>]</para>
-
- </refsect1>
- <refsect1>
- <title>Description</title>
- <para>The <emphasis role="bold">pts setfields</emphasis> command sets the group-creation quota, the privacy
- flags, or both, associated with each user, machine, or group entry
- specified by the <emphasis role="bold">-nameorid</emphasis> argument.</para>
-
- <para>To examine the current quota and privacy flags, use the <emphasis role="bold">pts examine</emphasis>
- command.</para>
-
- </refsect1>
- <refsect1>
- <title>Cautions</title>
- <para>Changing a machine or group's group-creation quota is allowed, but not
- recommended. The concept is meaningless for machines and groups, because
- it is impossible to authenticate as a group or machine.</para>
-
- <para>Similarly, some privacy flag settings do not have a sensible
- interpretation. <link linkend="OPTIONS">OPTIONS</link> specifies the appropriate settings.</para>
-
- </refsect1>
- <refsect1>
- <title>Options</title>
- <variablelist>
- <varlistentry>
- <term><emphasis role="bold">-nameorid</emphasis> <<emphasis>user or group name or id</emphasis>>+</term>
- <listitem>
- <para>Specifies the name or AFS UID of each user, the IP address (complete or
- wildcard-style) of each machine, or the name or AFS GID of each machine
- for which to set privacy flags or group-creation quota. It is acceptable
- to mix users, machines, and groups on the same command line, as well as
- names (IP addresses for machines) and IDs. Precede the GID of each group
- with a hyphen to indicate that it is negative.</para>
-
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><emphasis role="bold">-access</emphasis> <<emphasis>privacy flags</emphasis>></term>
- <listitem>
- <para>Specifies the privacy flags to apply to each entry. Provide a string of
- five characters, one for each of the permissions. If this option is
- omitted, the current setting remains unchanged.</para>
-
- <para>Set each flag to achieve the desired combination of permissions. If the
- following list does not mention a certain setting, it is not
- acceptable. For further discussion of the privacy flags, see
- <link linkend="pts_examine1">pts_examine(1)</link>.</para>
-
- <itemizedlist>
- <listitem>
- <para>The first flag determines who can use the <emphasis role="bold">pts examine</emphasis> command to
- display information from a user, machine or group's Protection Database
- entry.</para>
-
- <itemizedlist>
- <listitem>
- <para>Set it to lowercase <computeroutput>s</computeroutput> to permit the members of the
- system:administrators group to display a user, machine, or group entry,
- and the associated user to display a user entry.</para>
-
- </listitem>
- <listitem>
- <para>Set it to uppercase <computeroutput>S</computeroutput> to permit anyone who can access the cell's
- database server machines to display a user, machine, or group entry.</para>
-
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>The second flag determines who can use the <emphasis role="bold">pts listowned</emphasis> command to
- list the groups that a user or group owns.</para>
-
- <itemizedlist>
- <listitem>
- <para>Set it to the hyphen (<computeroutput>-</computeroutput>) to permit the members of the
- system:administrators group and a user to list the groups he or she owns,
- or to permit the members of the system:administrators group and a group's
- owner to list the groups that a group owns.</para>
-
- </listitem>
- <listitem>
- <para>Set it to uppercase letter <computeroutput>O</computeroutput> to permit anyone who can access the cell's
- database server machines to list the groups owned by a machine or group
- entry.</para>
-
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>The third flag determines who can use the <emphasis role="bold">pts membership</emphasis> command to
- list the groups to which a user or machine belongs, or the users and
- machines that belong to a group.</para>
-
- <itemizedlist>
- <listitem>
- <para>Set it to the hyphen (<computeroutput>-</computeroutput>) to permit the members of the
- system:administrators group and a user to list the groups he or she
- belongs to, to permit the members of the <emphasis role="bold">system:administrators</emphasis> group to
- list the groups a machine belongs to, or to permit the members of the
- system:administrators group and a group's owner to list the users and
- machines that belong to it.</para>
-
- </listitem>
- <listitem>
- <para>Set it to lowercase <computeroutput>m</computeroutput> to permit members of a group to list the other
- members. (For user and machine entries, this setting is equivalent to the
- hyphen.)</para>
-
- </listitem>
- <listitem>
- <para>Set it to uppercase <computeroutput>M</computeroutput> to permit anyone who can access the cell's
- database server machines to list membership information for a user,
- machine or group.</para>
-
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>The fourth flag determines who can use the <emphasis role="bold">pts adduser</emphasis> command to add
- users and machines as members of a group. This flag has no sensible
- interpretation for user and machine entries, but must be set nonetheless,
- preferably to the hyphen.</para>
-
- <itemizedlist>
- <listitem>
- <para>Set it to the hyphen (<computeroutput>-</computeroutput>) to permit the members of the
- system:administrators group and the owner of the group to add members.</para>
-
- </listitem>
- <listitem>
- <para>Set it to lowercase <computeroutput>a</computeroutput> to permit members of a group to add other
- members.</para>
-
- </listitem>
- <listitem>
- <para>Set it to uppercase <computeroutput>A</computeroutput> to permit anyone who can access the cell's
- database server machines to add members to a group.</para>
-
- </listitem>
- </itemizedlist>
- </listitem>
- <listitem>
- <para>The fifth flag determines who can use the <emphasis role="bold">pts removeuser</emphasis> command to
- remove users and machines from membership in a group. This flag has no
- sensible interpretation for user and machine entries, but must be set
- nonetheless, preferably to the hyphen.</para>
-
- <itemizedlist>
- <listitem>
- <para>Set it to the hyphen (<computeroutput>-</computeroutput>) to permit the members of the
- system:administrators group and the owner of the group to remove members.</para>
-
- </listitem>
- <listitem>
- <para>Set it to lowercase <computeroutput>r</computeroutput> to permit members of a group to remove other
- members.</para>
-
- </listitem>
- </itemizedlist>
- </listitem>
- </itemizedlist>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><emphasis role="bold">-groupquota</emphasis> <<emphasis>group creation quota</emphasis>></term>
- <listitem>
- <para>Specifies the number of additional groups a user can create (it does not
- matter how many he or she has created already). Do not include this
- argument for a group or machine entry.</para>
-
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><emphasis role="bold">-cell</emphasis> <<emphasis>cell name</emphasis>></term>
- <listitem>
- <para>Names the cell in which to run the command. For more details, see
- <link linkend="pts1">pts(1)</link>.</para>
-
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><emphasis role="bold">-noauth</emphasis></term>
- <listitem>
- <para>Assigns the unprivileged identity anonymous to the issuer. For more
- details, see <link linkend="pts1">pts(1)</link>.</para>
-
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><emphasis role="bold">-force</emphasis></term>
- <listitem>
- <para>Enables the command to continue executing as far as possible when errors
- or other problems occur, rather than halting execution at the first error.</para>
-
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><emphasis role="bold">-help</emphasis></term>
- <listitem>
- <para>Prints the online help for this command. All other valid options are
- ignored.</para>
-
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1>
- <title>Examples</title>
- <para>The following example changes the privacy flags on the group <computeroutput>operators</computeroutput>,
- retaining the default values of the first, second and third flags, but
- setting the fourth and fifth flags to enable the group's members to add
- and remove other members.</para>
-
-<programlisting>
- % pts setfields -nameorid operators -access S-Mar
-
-</programlisting>
- <para>The following example changes the privacy flags and sets group quota on
- the user entry <computeroutput>admin</computeroutput>. It retains the default values of the first,
- fourth, and fifth flags, but sets the second and third flags, to enable
- anyone to list the groups that <computeroutput>admin</computeroutput> owns and belongs to. Users
- authenticated as <computeroutput>admin</computeroutput> can create an additional 50 groups.</para>
-
-<programlisting>
- % pts setfields -nameorid admin -access SOM-- -groupquota 50
-
-</programlisting>
- </refsect1>
- <refsect1>
- <title>Privilege Required</title>
- <para>To edit group entries or set the privacy flags on any type of entry, the
- issuer must own the entry or belong to the system:administrators group. To
- set group-creation quota on a user entry, the issuer must belong to the
- system:administrators group.</para>
-
- </refsect1>
- <refsect1>
- <title>See Also</title>
- <para><link linkend="pts1">pts(1)</link>,
- <link linkend="pts_adduser1">pts_adduser(1)</link>,
- <link linkend="pts_examine1">pts_examine(1)</link>,
- <link linkend="pts_listowned1">pts_listowned(1)</link>,
- <link linkend="pts_membership1">pts_membership(1)</link>,
- <link linkend="pts_removeuser1">pts_removeuser(1)</link></para>
-
- </refsect1>
- <refsect1>
- <title>Copyright</title>
- <para>IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.</para>
-
- <para>This documentation is covered by the IBM Public License Version 1.0. It was
- converted from HTML to POD by software written by Chas Williams and Russ
- Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.</para>
-
- </refsect1>
- </refentry>
git://git.openafs.org / openafs.git / blobdiff